Kaspersky Lab researchers have uncovered an advanced mobile implant, active since 2014 and designed for targeted cyber-surveillance, possibly as an ‘offensive security’ product.

The implant, named Skygofree, includes functionality never seen in the wild before, such as location-based audio recording through infected devices. The spyware is spread through web pages mimicking leading mobile network operators.

Skygofree is a sophisticated, multi-stage spyware that gives attackers full remote control of an infected device.

It has undergone continuous development since the first version was created at the end of 2014 and it now includes the ability to eavesdrop on surrounding conversations and noise when an infected device enters a specified location – a feature that has not previously been seen in the wild.

Other advanced, unseen features include using Accessibility Services to steal WhatsApp messages and the ability to connect an infected device to Wi-Fi networks controlled by the attackers.
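A defender-side check for the Accessibility Services abuse described above, added here as an example and not taken from Kaspersky Lab's report: it parses a device's list of enabled accessibility services and flags any package outside an allowlist. The sample output, the allowlist and the `com.example.system.update` package name are constructed for illustration.

```python
"""Audit enabled Android accessibility services against an allowlist."""

# Constructed sample of what
#   adb shell settings get secure enabled_accessibility_services
# can return: colon-separated "package/class" component names.
# The second package name is made up for illustration.
SAMPLE_OUTPUT = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.system.update/.SyncService\n"
)

# Assumption: packages your organisation expects to hold this permission.
ALLOWED_PACKAGES = {"com.google.android.marvin.talkback"}


def parse_services(raw):
    """Return a list of (package, full_class_name) tuples."""
    raw = raw.strip()
    if not raw or raw == "null":  # setting unset: no services enabled
        return []
    services = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if "/" not in entry:
            continue  # malformed component, skip
        package, cls = entry.split("/", 1)
        if cls.startswith("."):  # short form: class is relative to package
            cls = package + cls
        if (package, cls) not in services:
            services.append((package, cls))
    return services


def unexpected_services(raw, allowed=ALLOWED_PACKAGES):
    """Services whose package is not on the allowlist; these need review."""
    return [s for s in parse_services(raw) if s[0] not in allowed]


if __name__ == "__main__":
    for package, cls in unexpected_services(SAMPLE_OUTPUT):
        print(f"review: {package} runs accessibility service {cls}")
```
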

The implant carries multiple exploits for root access and is also capable of taking pictures and videos, seizing call records, SMS, geolocation, calendar events and business-related information stored in the device’s memory. A special feature enables it to circumvent a battery-saving technique implemented by a top device vendor: the implant adds itself to the list of ‘protected apps’ so that it is not switched off automatically when the screen is off.

The attackers also appear to have an interest in Windows users, and researchers found a number of recently developed modules targeting this platform.

Most of the spoofed landing pages used for spreading the implant were registered in 2015, when, according to Kaspersky Lab telemetry, the distribution campaign was at its most active. The campaign is ongoing and the most recent domain was registered in October 2017. The data shows there have been several victims to date, all in Italy.

“High end mobile malware is very difficult to identify and block and the developers behind Skygofree have clearly used this to their advantage: creating and evolving an implant that can spy extensively on targets without arousing suspicion. Given the artefacts we discovered in the malware code and our analysis of the infrastructure, we have a high level of confidence that the developer behind the Skygofree implants is an Italian IT company that offers surveillance solutions, rather like HackingTeam,” said Alexey Firsh, Malware Analyst, Targeted Attacks Research, Kaspersky Lab.

The researchers found 48 different commands that can be implemented by attackers, allowing for maximum flexibility of use.

1. Implementing a reliable security solution that can identify and block such threats on endpoints, such as Kaspersky Security for Mobile.

2. Users are further advised to exercise caution when they receive emails from people or organizations they don’t know, or with unexpected requests or attachments – and to always double-check the integrity and origin of websites before clicking on links. If in doubt, call the service provider to verify.

3. System administrators, in their turn, are advised to turn on Application Control functionality in their mobile security solutions to control potentially harmful programs vulnerable to this attack.

Kaspersky Lab detects the Skygofree versions for Android as HEUR:Trojan.AndroidOS.Skygofree.a and HEUR:Trojan.AndroidOS.Skygofree.b, and the Windows samples as UDS:DangerousObject.Multi.Generic.

Further information, including a list of Skygofree’s commands, indicators of compromise, domain addresses and the device models targeted by the implant’s exploit modules can be found on Securelist.com.
